- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Tue, 14 Nov 2006 19:28:35 +0000
- To: public-wsc-wg@w3.org
Folks, What I was trying to explain earlier. I realise that this is at least borderline, but wanted to ask the question in any case. I believe this corresponds to ACTION-3 from today's meeting. XPath and similar languages are effectively almost programming languages and can therefore potentially badly affect the end user. In contrast with Java/Javascript these are less likely to have separate content types or browser settings/controls that the user can set and understand. I don't claim to know the answer, but the question relates to these examples of sort-of-active content - should WSC consider these in the same way as Java/Javascript or not? And either way, what's the boundary between passive and active content? (I assume we'll need some description of "active" content that users have to be more careful about.) These technologies may also be worth considering if we think of the user's machine a a DDoS attack vector. (Attack web server, modify content to include dodgy XPath expressions that attack someone. Innocent browsers rip away.) Stephen.
Received on Tuesday, 14 November 2006 20:01:06 UTC